IN THE CLAIMS



1. (Currently Amended) A method of security enforcement for a persistent data repository comprising:

intercepting, in a nonintrusive manner, a data access transaction between a user application and a data repository having data items, the nonintrusive manner gathering the data access transaction from a stream of data between the application and the data repository;

determining a correspondence of the intercepted data access transaction to a security policy, the security policy indicative of restricted data items in the data repository to which the user application is prohibited access; and

selectively limiting, based on the determined correspondence to the security policy, the data access transaction by modifying the data access transaction such that data indications, in the data access transaction, corresponding to restricted data items are modified in a resulting data access transaction according to the security policy, limiting the data access transaction further including:

receiving a set of packets, the packets encapsulating the data access transaction according to layered protocols;

interrogating and modifying the packets in a nondestructive manner with respect to the application layered protocols, the nondestructive manner preserving an expected application layer protocol encapsulation;

padding the packets to emulate packets having a corresponding [illegible] restricted data items to generate the resulting data access transaction in a manner preserving encapsulation according to expected application based layered protocols;

the resulting data access transaction returned to a requestor without restricted data items.

2. (Original) The method of claim 1 wherein the security policy has rules, 
each of the rules including an object, a selection criteria and an action, the action 
indicative of restricted data items. 

3. (Original) The method of claim 1 wherein the data indications are 
references to data items in the data repository and limiting further includes 
qualifying the references to generate a modified request indicative of unrestricted 
data items, such that successive retrieval operations employing the qualified 
references do not retrieve restricted data items. 

4. (Original) The method of claim 3 wherein the data access transaction is a 
data access statement operative to request data and limiting further comprises: 

identifying at least one rule, according to the security policy, 
corresponding to the data access statement, the identified rule restricting access 
to at least one of the data items indicated by the data access statement; and 

concatenating selection qualifiers to the data access statement 
corresponding to the identified rule, the selection qualifiers operable to omit the 
restricted data items from the qualified references of the data access statement. 

5. (Currently Amended) The method of claim 1 wherein the data indications are rows of data retrieved from the data repository.

6. (Original) The method of claim 5 wherein the data access transaction is a 
data query response including a row set and limiting further comprises: 

comparing each of the rows in the row set to the rules of the security 
policy; and 

selectively eliminating rows in the row set including the restricted data 
items, based on the comparing, to generate a modified query response including 
a filtered row set. 

7. (Original) The method of claim 2 wherein the actions are selectively 
indicative of modifications, the modifications further comprising attributes, 
operators, and operands, the limiting further comprising:

identifying data items corresponding to the attributes, each of the 
attributes associated with an operator and an operand; 

applying an operator specified for the data item to the operand specified 
for the data item; and 

determining, as a result of applying the operator, whether to eliminate the 
identified data item. 

8. (Original) The method of claim 1 wherein the nonintrusive manner is 
undetectable to the user application and undetectable to the data repository. 

9. (Canceled) 



10. (Canceled) 
11. (Previously Presented) The method of claim 1 wherein generating the
resulting data access transaction preserves the encapsulating layered protocol 
associating the packets without employing a proxy for regenerating the sequence 
of packets. 

12. (Original) The method of claim 4 wherein intercepting the data access 
statement includes receiving an SQL query and limiting includes appending 
conditional selection statements to the SQL query, the conditional selection 
statements computed from the security policy, to generate the resulting data 
access transaction. 

13. (Original) The method of claim 12 further comprising: 
building a parse tree corresponding to the SQL query; 

adding nodes in the parse tree corresponding to the appended conditional 
selection statements; and 

reprocessing the parse tree to generate the resulting data access 
transaction. 

14. (Original) The method of claim 6 wherein intercepting the data query 
response further comprises: 

intercepting the data query response from the data repository as the data 
access transaction, the data query response encapsulated as a row set having 
rows from a relational database query, and further wherein limiting includes 
discarding rows in the row set having restricted data items and transmitting the 
remaining rows to the user as the resulting data access transaction. 
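Claims 6, 7, 11, 14, 45 and 46 together describe the response-side path: each row of an intercepted row set is compared to the rules, a rule's operator is applied to the row's attribute and operand to decide whether the row is eliminated, and whatever is removed is padded so that the packet framing and sequence reach the client undisturbed, without a proxy regenerating the packets. The Python below is an added illustration written for this page; it is not code from the application or its assignee. The row-set wire format (a two-byte length header, then typed, length-prefixed records, with a type-0 filler record the client skips) is a constructed assumption standing in for a real database protocol, and the sample rows and rules are constructed.

```python
import operator
import struct
from typing import Callable, Dict, List, Tuple

# Hypothetical row-set framing (an assumption for this example, not a real DB protocol):
#   outer header : b"RS" + uint16 big-endian payload length
#   payload      : records, each  uint8 type | uint16 length | bytes
#                  type 0x01 = data row (fields separated by 0x09)
#                  type 0x00 = filler the client skips
HDR = struct.Struct(">2sH")
REC = struct.Struct(">BH")
ROW, FILLER = 0x01, 0x00

# Operators a rule may name (claim 7: attribute, operator, operand).
OPS: Dict[str, Callable] = {
    "=": operator.eq, "<>": operator.ne, "<": operator.lt, ">": operator.gt,
    "<=": operator.le, ">=": operator.ge, "IN": lambda a, b: a in b,
}


def coerce(value: str):
    """Field values arrive as text; compare numerically when the text is an integer."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return value


def restricted(row: Dict[str, str], rules: List[Tuple[str, str, object]]) -> bool:
    """Apply each rule's operator to the row's attribute and the rule's operand."""
    for attr, op, operand in rules:
        if attr not in row:
            continue
        try:
            if OPS[op](coerce(row[attr]), operand):
                return True
        except TypeError:
            return True  # value cannot be evaluated against the rule: fail closed
    return False


def encode_rowset(rows: List[List[str]]) -> bytes:
    """Build a row-set packet as the repository would send it (constructed format)."""
    payloads = (b"\t".join(f.encode() for f in r) for r in rows)
    body = b"".join(REC.pack(ROW, len(p)) + p for p in payloads)
    return HDR.pack(b"RS", len(body)) + body


def filter_rowset(packet: bytes, columns: List[str], rules) -> bytes:
    """Drop restricted rows in place, padding each removed row to its original size."""
    magic, length = HDR.unpack_from(packet)
    if magic != b"RS" or length != len(packet) - HDR.size:
        raise ValueError("malformed row-set packet")
    out = bytearray(packet[:HDR.size])  # non-payload control information left untouched
    pos = HDR.size
    while pos < len(packet):
        rtype, rlen = REC.unpack_from(packet, pos)
        end = pos + REC.size + rlen
        if rtype == ROW:
            row = dict(zip(columns, packet[pos + REC.size:end].decode().split("\t")))
            if restricted(row, rules):
                # A same-sized filler record replaces the row, so the byte count, and
                # hence the TCP sequence numbers the client expects, do not change.
                out += REC.pack(FILLER, rlen) + b"\x00" * rlen
                pos = end
                continue
        out += packet[pos:end]
        pos = end
    return bytes(out)


def decode_rows(packet: bytes) -> List[List[str]]:
    """What a client that skips filler records sees."""
    rows, pos = [], HDR.size
    while pos < len(packet):
        rtype, rlen = REC.unpack_from(packet, pos)
        if rtype == ROW:
            rows.append(packet[pos + REC.size:pos + REC.size + rlen].decode().split("\t"))
        pos += REC.size + rlen
    return rows


# Constructed sample: the column list comes from the intercepted request, the
# rules from the policy, the packet from the repository's answer.
COLUMNS = ["name", "dept", "salary"]
RULES = [("dept", "=", "EXEC"), ("salary", ">", 100000)]
SAMPLE = encode_rowset([["ann", "ENG", "90000"], ["bob", "EXEC", "80000"], ["cy", "ENG", "120000"]])
```

The filler record is the assumption that makes the padding work: the client must treat type 0 as a no-op, and the filtered packet must be the same length as the original so that nothing above the application layer has to be resequenced. A type-mismatch during rule evaluation eliminates the row rather than letting it through, which is the safe default for a filter whose only job is to withhold data.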

15. (Original) The method of claim 1 wherein the nonintrusive manner is such 
that the intercepting and limiting occurs undetectable to both the source and the 
destination of the data access transaction. 
16. (Original) The method of claim 1 wherein intercepting further comprises:
establishing an identification exchange intended for interception and 

operable to transmit an identification token indicative of an application user; and 
parsing, as part of the intercepting, the identification exchange to extract 
the identification token, wherein the identification exchange is benign to the data 
repository. 
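Claims 2, 4, 7, 12, 13 and 16 describe the request-side path: a rule is an object, a selection criterion and an action; a rule matching the statement yields selection qualifiers that are appended to the SQL query through a parse tree; and the application user is learned from an identification exchange that is benign to the repository. The Python below is an added illustration for this page, not the application's code. The regex parser that accepts only single-table SELECT statements, the `SELECT 'appuser:<name>'` identification statement, the per-connection state and the sample policy are all assumptions made for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# A rule names the rows the user may NOT see, so the qualifier appended to the
# statement is the rule's predicate inverted.
NEGATE = {"=": "<>", "<>": "=", "!=": "=", "<": ">=", ">": "<=", "<=": ">", ">=": "<",
          "IN": "NOT IN", "NOT IN": "IN"}


@dataclass(frozen=True)
class Rule:
    """One policy rule: object, selection criteria (attribute/operator/operand), action."""
    obj: str          # table the rule protects
    principal: str    # application user it applies to; '*' means every user
    attribute: str    # column tested
    operator: str
    operand: str      # SQL-rendered literal or list, e.g. "'EXEC'" or "('HIDDEN','SEALED')"
    action: str = "restrict"

    def qualifier(self) -> str:
        """Selection qualifier that omits this rule's restricted rows."""
        return f"{self.attribute} {NEGATE[self.operator.upper()]} {self.operand}"


# Constructed sample policy (assumption, not from the application).
POLICY: List[Rule] = [
    Rule("employees", "*", "dept", "=", "'EXEC'"),
    Rule("employees", "alice", "salary", ">", "100000"),
    Rule("payroll", "*", "status", "IN", "('HIDDEN','SEALED')"),
]

# Assumed identification exchange: the application issues SELECT 'appuser:<name>',
# which the repository answers harmlessly; the interceptor reads the token off the wire.
IDENT_RE = re.compile(r"^\s*SELECT\s+'appuser:([A-Za-z0-9_]+)'\s*(?:AS\s+\w+\s*)?;?\s*$", re.I)

# Deliberately narrow grammar: single-table SELECT, optional WHERE, optional trailing clause.
SELECT_RE = re.compile(
    r"^\s*SELECT\s+(?P<cols>.+?)\s+FROM\s+(?P<table>\w+)"
    r"(?:\s+WHERE\s+(?P<where>.+?))?"
    r"(?P<tail>\s+(?:GROUP\s+BY|ORDER\s+BY|LIMIT)\b.*?)?\s*;?\s*$",
    re.I | re.S,
)


def parse(sql: str) -> dict:
    """Build a small parse tree; WHERE is an AND-list of predicate nodes."""
    m = SELECT_RE.match(sql)
    if m is None:
        # A statement the filter cannot parse must never be forwarded unqualified.
        raise ValueError(f"unsupported statement: {sql!r}")
    where = m.group("where")
    return {
        "cols": m.group("cols").strip(),
        "table": m.group("table"),
        "where": [where.strip()] if where else [],
        "tail": (m.group("tail") or "").strip(),
    }


def unparse(tree: dict) -> str:
    """Reprocess the tree back into SQL text."""
    sql = f"SELECT {tree['cols']} FROM {tree['table']}"
    if tree["where"]:
        sql += " WHERE " + " AND ".join(tree["where"])
    if tree["tail"]:
        sql += " " + tree["tail"]
    return sql + ";"


def rewrite(sql: str, policy: List[Rule], user: Optional[str]) -> str:
    """Append the qualifiers of every rule matching the statement's object and user.

    user=None (the connection never identified itself) applies all rules for the object.
    """
    tree = parse(sql)
    rules = [r for r in policy
             if r.obj.lower() == tree["table"].lower()
             and (user is None or r.principal in ("*", user))]
    if not rules:
        return sql
    # The original predicate becomes one parenthesised node, so an OR inside it
    # cannot swallow the appended qualifiers (a OR b AND q is not (a OR b) AND q).
    nodes = [f"({tree['where'][0]})"] if tree["where"] else []
    nodes += [r.qualifier() for r in rules]
    return unparse({**tree, "where": nodes})


class Interceptor:
    """Per-connection state: remembers the identification token, rewrites later statements."""

    def __init__(self, policy: List[Rule]) -> None:
        self.policy = policy
        self.user_by_conn: Dict[str, Optional[str]] = {}

    def observe(self, conn: str, statement: str) -> str:
        """Return the statement to forward to the repository."""
        m = IDENT_RE.match(statement)
        if m:
            self.user_by_conn[conn] = m.group(1)
            return statement  # benign to the repository: forward untouched
        return rewrite(statement, self.policy, self.user_by_conn.get(conn))
```

Two choices in this sketch are the ones a practitioner should check in any implementation of the claims: the original WHERE clause is parenthesised before qualifiers are appended, since `WHERE a OR b AND q` does not restrict `a`; and a connection that never presented an identification token gets every rule for the object rather than none. The rewritten statement is longer than the original, so the filter must also correct the request packet's protocol length fields, which is the framing concern claims 33 and 40 address.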

17. (Original) The method of claim 1 wherein intercepting occurs in a data 
path between a source of the data access transaction and a destination of the 
resulting data access transaction, and limiting occurs in a component separate 
from the source and destination. 

18. (Original) The method of claim 17 wherein the component separate from
the source and destination is a separate network device than the components 
corresponding to the source and destination. 

19. (Original) The method of claim 1 wherein the restricted data items are 
eliminated from the resulting data access transaction. 

20. (Currently Amended) A method for nonintrusive implementation of data level security enforcement comprising:

defining a security policy between an application and a data repository, the security policy having rules indicative of restricted data items, the rules associated with attributes and conditions;

identifying an entry point between the data repository and the application;

deploying a security filter at the entry point, the security filter operable to receive data manipulation messages between the application and the data repository; the security filter further operable to limit data exposure by the data repository by selectively modifying the data manipulation messages into conformance with the security policy, the limiting further comprising:

sniffing the entry point to determine data manipulation messages;

intercepting the sniffed data manipulation messages in a nondestructive manner with respect to the layered protocols, the nonintrusive manner gathering the data manipulation messages from a stream of data between the application and the data repository, the nondestructive manner preserving expected application based layered protocols;

comparing the sniffed messages to the rules in the security policy and determining if the sniffed data manipulation messages include restricted data items;

determining a match between the sniffed messages and at least one of the rules of the security policy;

selectively modifying, based on the determined match between the rules and the data manipulation message, the data manipulation message to remove the matching restricted data item, modifying further including:

building a parse tree corresponding to the SQL query;

adding nodes in the parse tree corresponding to the appended conditional selection statements; and

reprocessing the parse tree to generate the resulting data access transaction in a manner preserving encapsulation according to expected application based layered protocols, the resulting data access transaction returned to a requestor without restricted data items.



21. (Original) The method of claim 20 wherein determining comprises
comparing attributes of the data manipulation messages with operators and 
operands in the compared rules, the operators and operands indicative of 
restricted data items in the data repository. 
22. (Original) The method of claim 20 wherein modifying further comprises:
reconstructing a request query corresponding to a query syntax; and 
adding limiters to the request query corresponding to the matching rules of 

the security policy, the adding performed in a nondestructive manner such that 
the modification is undetectable to the data repository. 

23. (Original) The method of claim 20 wherein modifying further comprises: 
identifying a data retrieval response encapsulated in a layered protocol on 

the data manipulation message; and 

reconstructing the data retrieval response by deleting restricted data items 
from the data retrieval response, the reconstructing performed in a 
nondestructive manner undetectable to the application and conforming to the 
encapsulating layered protocol. 

24. (Currently Amended) A data security filter device for security enforcement for a persistent data repository comprising:

an interceptor in the security filter operable to intercept, in a nonintrusive manner, a data access transaction between a user application and a data repository having data items, the nonintrusive manner gathering the data access transaction from a stream of data between the application and the data repository;

a security policy table responsive to the interceptor to determine a correspondence of the intercepted data access transaction to the security policy table, the security policy table indicative of restricted data items in the data repository to which the user application is prohibited access; and

a limiter operable to selectively limit, based on the determined correspondence to the security policy, the data access transaction by modifying the data access transaction such that data indications, in the data access transaction and corresponding to restricted data items, according to the security policy table, are modified in a resulting data access transaction, the security filter operable to manipulate the resulting data access transaction in a nonintrusive manner such that modifications performed on the data access transaction are undetectable to the user application and undetectable to the data repository, the data access transaction being contained in a set of packets, the limiter further operable to:

receive the set of packets, the packets encapsulating the data access transaction according to application based layered protocols;

interrogate and modify the packets in a nondestructive manner with respect to the layered protocols, the nondestructive manner preserving expected application based layered protocols;

pad the packets to emulate packets having a corresponding [illegible] restricted data items to generate the resulting data access transaction in a manner preserving encapsulation according to expected application based layered protocols;

identify rows in the packets having restricted data items; and

eliminate the identified rows from the data access transaction such that the resulting data access transaction is a modified query response including rows without restricted data items.
25. (Original) The security filter of claim 24 wherein the security policy has 
table rules, each of the rules including an object, a selection criteria and an 
action, the action indicative of restricted data items. 

26. (Original) The security filter of claim 24 wherein the data indications are 
references to data items in the data repository and the limiter is operable to 
qualify the references to generate a modified request indicative of unrestricted
data items, such that successive retrieval operations, from the data repository, 
employing the qualified references do not retrieve restricted data items. 
27. (Original) The security filter of claim 26 wherein the data access
transaction is a data access statement operative to request data, wherein: 

the interceptor is operable to identify at least one rule, according to the
security policy, corresponding to the data access statement, the identified rule 
restricting access to at least one of the data items indicated by the data access 
statement; and 

the limiter is operable to concatenate selection qualifiers to the data 
access statement corresponding to the identified rule, the selection qualifiers 
operable to omit the restricted data items from the qualified references of the 
data access statement. 

28. (Original) The security filter of claim 24 wherein the data indications are 
rows of data retrieved from the data repository, wherein: 

the interceptor is operable to identify rows having restricted data items, 

and 

the limiter is operable to eliminate the identified rows from the data access 
transaction such that the resulting data access transaction is a modified query 
response including rows without restricted data items. 

29. (Original) The security filter of claim 28 wherein the data access 
transaction is a data query response including a row set wherein: 

the interceptor is operable to compare each of the rows in the row set to 
the rules of the security policy; and 

the limiter is operable to selectively eliminate rows in the row set including 
the restricted data items, based on the comparing, to generate a modified query 
response containing a filtered row set. 

30. (Original) The security filter of claim 25 wherein the actions are selectively 
indicative of modifications, the modifications further comprising attributes, 
operators, and operands, wherein the limiter is operable to: 
identify data items corresponding to the attributes, each of the attributes
associated with an operator and an operand; 

apply an operator specified for the data item to the operand specified for 
the data item; and 

determine, as a result of applying the operator, whether to eliminate the 
identified data item. 

31. (Canceled)

32. (Canceled) 

33. (Original) The security filter of claim 24 wherein the data access 
transaction is contained in a set of packets wherein the limiter is operable to: 

receive the set of packets, the packets encapsulating the data access 
transaction according to layered protocols; 

interrogate and modify the packets in a nondestructive manner with 
respect to the layered protocols; and 

pad the packets for accommodating elimination of the restricted data items 
to generate the resulting data access transaction. 

34. (Original) The security filter of claim 33 wherein the resulting data access 
transaction conforms to the encapsulating layered protocol associating the 
packets. 

35. (Original) The security filter of claim 27 wherein the data access 
statement is an SQL query and wherein the limiter is operable to append 
conditional selection statements to the SQL query, the conditional selection 
statements computed from the security policy, to generate the resulting data 
access transaction. 



U.S. Application No.: 10/723,521 Attorney Docket No.: GRD03-01 

-12- 

36. (Original) The security filter of claim 35 further comprising a parse tree, 
the interceptor operable to build the parse tree corresponding to the SQL query, 
wherein the limiter is further operable to add nodes to the parse tree 
corresponding to the appended conditional selection statements; and 
reprocess the parse tree to generate the resulting data access transaction.

37. (Original) The security filter of claim 24 wherein the interceptor is 
operable to intercept the data query response from the data repository as the 
data access transaction, the data query response encapsulated as a row set 
having rows from a relational database query, wherein the limiter is operable to 
discard rows in the row set having restricted data items and transmit the 
remaining rows to the user as the resulting data access transaction. 

38. (Original) The security filter of claim 24 wherein the user application and 
the data repository define a data path between a source of the data access 
transaction and a destination of the resulting data access transaction, wherein 
the security filter is disposed in a component separate from the source and 
destination. 

39. (Original) The security filter of claim 38 wherein the component separate 
from the source and destination is a separate network device than the 
components corresponding to the source and destination.

40. (Currently Amended) A method for nonintrusive implementation of data level security enforcement comprising:

defining a security policy having rules, the rules further specifying attributes and conditions;

intercepting a data retrieval request [illegible];

comparing the data retrieval request to the security policy;

determining the data retrieval request [illegible] at least one of the rules of the security policy;

identifying, via a parse tree, selectivity operators indicative of the data to be retrieved;

modifying, based on the correspondence, the parse tree according to the corresponding rule to generate a modified data retrieval request; and

forwarding the modified data retrieval request to the data repository for subsequent retrieval and transport to the requesting user, modifying the parse tree further including:

building a parse tree corresponding to the SQL query;

adding nodes in the parse tree corresponding to the appended conditional selection statements; and

reprocessing the parse tree to generate the resulting data access transaction by modifying the packet content being delivered to the database consistent with the original data retrieval request, the generated resulting data access transaction preserving encapsulation according to application based layered protocols expected in the original data retrieval request, the resulting data access transaction returned to a requestor without restricted data items.

41. (Currently Amended) A computer program product having a computer readable storage medium operable to store computer program logic embodied in computer program code [illegible] responsive to a processor encoded thereon to cause the computer to perform implementing security enforcement in a persistent data repository comprising:

computer program code for intercepting, in a nonintrusive manner, a data access transaction between a user application and a data repository having data items;

computer program code for determining if the intercepted data access transaction corresponds to a security policy, the security policy indicative of restricted data items in the data repository to which the user application is prohibited access; and

computer program code for limiting, based on the security policy, the data access transaction by modifying the data access transaction such that data indications, in the data access transaction and corresponding to restricted data items, are modified in a resulting data access transaction according to the security policy, intercepting the data access statement including receiving an SQL query and limiting including appending conditional selection statements to the SQL query, the conditional selection statements computed from the security policy, to generate the resulting data access transaction, further comprising:

computer program code for building a parse tree corresponding to the SQL query;

computer program code for adding nodes in the parse tree corresponding to the appended conditional selection statements; and

computer program code for reprocessing the parse tree to generate the resulting data access transaction, the generated resulting data access transaction preserving encapsulation according to application based layered protocols expected in the original data retrieval request, the resulting data access transaction returned to a requestor without restricted data items.

42. (Currently Amended) A computer readable storage medium operable to store computer program logic embodied in computer program code including a [illegible] encoded thereon [illegible] security enforcement for a persistent data repository comprising:

program code for intercepting, in a nonintrusive manner, a data access transaction between a user application and a data repository having data items, the nonintrusive manner gathering the data access transaction from a stream of data between the application and the data repository;

program code for determining a correspondence of the intercepted data access transaction to a security policy, the security policy indicative of restricted data items in the data repository to which the user application is prohibited access; and

program code for selectively limiting, based on the correspondence to the security policy, the data access transaction by modifying the data access transaction such that data indications, in the data access transaction, corresponding to restricted data items, according to the security policy, are modified in a resulting data access transaction, intercepting occurring in a data path between a source of the data access transaction and a destination of the resulting data access transaction, and limiting occurring in a component separate from the source and destination, the component separate from the source and destination being a distinct network device from the components corresponding to the source and destination such that the nonintrusive manner is undetectable to the user application and undetectable to the data repository by preserving encapsulation according to expected application based layered protocols in the resulting data access transaction, limiting the data access transaction further including:

receiving a set of packets, the packets encapsulating the data access transaction [illegible];

[illegible] application based layered protocols;

[illegible] modified query response including rows without restricted data items, the resulting data access transaction returned to a requestor without restricted data items.

43. (Currently Amended) A data security filter device for security enforcement for a persistent data repository comprising:

means for intercepting, in a nonintrusive manner, a data access transaction between a user application and a data repository having data items, the nonintrusive manner being undetectable to the user application and undetectable to the data repository, the nonintrusive manner gathering the data access transaction from a stream of data between the application and the data repository;

means for determining a correspondence of the intercepted data access transaction to a security policy, the security policy indicative of restricted data items in the data repository to which the user application is prohibited access; and

means for selectively limiting, based on the correspondence to the security policy, the data access transaction by modifying the data access transaction such that data indications, in the data access transaction, corresponding to restricted data items, according to the security policy, are modified in a resulting data access transaction;

the data indications being rows of data retrieved from the data repository, such that the means for limiting further comprises:

means for receiving a set of packets, the packets encapsulating the data access transaction according to layered protocols;

means for interrogating and modifying the packets in a nondestructive manner with respect to the layered protocols, the nondestructive manner preserving expected application based layered protocols;

means for identifying rows having restricted data items;

means for eliminating the identified rows from the data access transaction such that the resulting data access transaction is a modified query response including rows without restricted data items;

means for padding the packets to emulate packets having a corresponding [illegible] to generate the resulting data access transaction, generating the resulting data access transaction preserving the encapsulating layered protocol associating the packets without employing a proxy for regenerating the sequence of packets;

the data access transaction being a data query response including a row set such that the means for limiting further includes:

means for comparing each of the rows in the row set to the rules of the security policy;

means for identifying rows in the packets having restricted data items; and

means for selectively eliminating rows in the row set including the restricted data items, based on the comparing, to generate a modified query response including a filtered row set corresponding to packets expected according to application based layered protocols of the intercepted data access transaction such that the resulting data access transaction [illegible].



44. (Previously Presented) The method of claim 1 wherein the nonintrusive 
manner is undetectable to the user application and undetectable to the data 
repository, the nonintrusive manner such that the intercepting and limiting occurs
undetectable to both the source and the destination of the data access 
transaction, wherein intercepting occurs in a data path between a source of the 
data access transaction and a destination of the resulting data access 
transaction, and limiting occurs in a component separate from the source and 
destination, and the component separate from the source and destination is a 
separate network device than the components corresponding to the source and 
destination. 

45. (Previously Presented) The method of claim 1 wherein padding the 
packet further comprises nondestructively modifying the packet such that the 
packet appears undisturbed to the receiver. 

46. (Previously Presented) The method of claim 1 wherein modifying further 
comprises: 

nondestructively modifying a payload of the packet at the application layer; 

and 

leaving encapsulated, non-payload control information in the packet 
undisturbed. 



